data theft Archives - Help Net Security

data theft

CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

January 16, 2023

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s …

Fake subscription invoices lead to corporate data theft and extortion

November 23, 2022

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. …

130 Dropbox code repos plundered after successful phishing attack

November 2, 2022

Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information. …

Former Uber CSO convicted for concealing data breach, theft from the authorities

October 6, 2022

Joe Sullivan, the former Chief Security Officer (CSO) of Uber, has been convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in …

To encrypt or to destroy? Ransomware affiliates plan to try the latter

September 26, 2022

Ransomware gangs are planning on trying out a new tactic, and it involves the destruction of the victims’ data. Targeting the data Researchers from Symantec, Cyderes and …

Browser synchronization abuse: Bookmarks as a covert data exfiltration channel

August 2, 2022

Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make …

Which stolen data are ransomware gangs most likely to disclose?

June 17, 2022

If your organization gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more …

Stealthy APT group plunders very specific corporate email accounts

May 4, 2022

An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments …

Mars Stealer malware pushed via Google Ads and phishing emails

March 30, 2022

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particulat tactic: disguising it as legitimate, benign software to trick …

Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks

March 23, 2022

Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft’s source code and have …

Lapsus$ gang says it has breached Okta and Microsoft

March 22, 2022

After breaching NVIDIA and Samsung and stealing and leaking those companies’ propertary data, the Lapsus$ cyber extortion gang has announced that they have popped …

How challenging is corporate data protection?

February 17, 2022

Code42 released a report, conducted by Vanson Bourne, which found that cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate …

data theft

CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

Fake subscription invoices lead to corporate data theft and extortion

130 Dropbox code repos plundered after successful phishing attack

Former Uber CSO convicted for concealing data breach, theft from the authorities

To encrypt or to destroy? Ransomware affiliates plan to try the latter

Browser synchronization abuse: Bookmarks as a covert data exfiltration channel

Which stolen data are ransomware gangs most likely to disclose?

Stealthy APT group plunders very specific corporate email accounts

Mars Stealer malware pushed via Google Ads and phishing emails

Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks

Lapsus$ gang says it has breached Okta and Microsoft

How challenging is corporate data protection?

Don't miss

How organizations can keep themselves secure whilst cutting IT spending

Mounting pressure is creating a ticking time bomb for railway cybersecurity

3 business application security risks businesses need to prepare for in 2023

Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)

Attackers use portable executables of remote management software to great effect